![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: What now?
Mike Easter
MikeE at ster.invalid
Wed Jul 13 16:10:50 EDT 2005
wskrispy wrote:
> Hiyas. One of my clients is under assault from a very aggressive
> spammer who is spoofing sender names, sending dozens of worm-infected
> spams per hour. I have reported about five of these spams to Spamcop
> and have sent two messages to the abuse email address at the Italian
> ISP this clown uses.
That sounds like the Italian IP of your recent 'spam' example which is
actually a viral propagation.
85.40.108.210 rDNS host210-108.pool8540.interbusiness.it
Virus identified I-Worm/Mytob.HL
> The offending IP hasn't even shown up on Spamcop's blocking list (my
> first report of this IP was at least 10 days ago). I've received no
> reply from the ISP. What should I do now?
If you /successfully/ submit and report the isolated propagation as
discussed in news:db42d1$eap$1 at news.spamcop.net
Mike Easter wrote:
> Then all you will have to do is find a technique to isolate those
> original 'attachment' headers, which are also contiguous with the
> spambody [see body2 above], to submit to the parser.
then SC will identify the source IP if reported, and tally up the
'score' according to its formula described at
http://www.spamcop.net/fom-serve/cache/297.html What is the SpamCop
Blocking List (SCBL)?
which weighs recent reports, considers reputation points or estimations
of nonreport traffic, weighs any additional SC spamtraps and so forth.
At the present time, the IP 85.40.108.210 does not show on the 'radar
screen' at senderbase.
Volume Statistics for this IP
Magnitude Vol Change vs. Average
Last day 0.0 -100%
Last 30d 0.0 -100%
Average 0.0
<use monofont for columns>
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-Help
mailing list